Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/ee/10463f-d2cf-43a7-8520-a2168421fecf/1/Ppt42Gv5gIDfqeLOpJTE20JEbUs.roa
File:                     Ppt42Gv5gIDfqeLOpJTE20JEbUs.roa (raw, json)
Hash identifier:          NdkXtmUAvOxUP9UHZgcc6jVZbUnj3SGw12e1roYv7cw=
Subject key identifier:   3E:9B:78:D8:6B:F9:80:80:DF:A9:E2:CE:A4:94:C4:DB:42:44:6D:4B
Certificate issuer:       /CN=4f51eb49e16edd184482bbcc163131745395f462
Certificate serial:       019E43B7C2D322F4B5F5D91CA40A1A0E30D5
Authority key identifier: 4F:51:EB:49:E1:6E:DD:18:44:82:BB:CC:16:31:31:74:53:95:F4:62
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/T1HrSeFu3RhEgrvMFjExdFOV9GI.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/ee/10463f-d2cf-43a7-8520-a2168421fecf/1/Ppt42Gv5gIDfqeLOpJTE20JEbUs.roa
Signing time:             Wed 20 May 2026 04:49:36 +0000
ROA not before:           Wed 20 May 2026 04:49:36 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     215095
IP address blocks:        195.58.156.0/24 maxlen: 24
                          2a05:da00::/29 maxlen: 29
Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/ee/10463f-d2cf-43a7-8520-a2168421fecf/1/T1HrSeFu3RhEgrvMFjExdFOV9GI.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/ee/10463f-d2cf-43a7-8520-a2168421fecf/1/T1HrSeFu3RhEgrvMFjExdFOV9GI.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/T1HrSeFu3RhEgrvMFjExdFOV9GI.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Sun 14 Jun 2026 01:00:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:9e:43:b7:c2:d3:22:f4:b5:f5:d9:1c:a4:0a:1a:0e:30:d5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=4f51eb49e16edd184482bbcc163131745395f462
        Validity
            Not Before: May 20 04:49:36 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=3e9b78d86bf98080dfa9e2cea494c4db42446d4b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:20:66:ea:f9:4d:a2:db:c4:68:63:07:2a:0f:
                    dc:87:5b:f5:7e:a8:a9:5e:72:bf:40:c5:c3:4b:26:
                    d7:05:2e:ff:86:cd:85:b5:09:da:09:c8:7b:a3:38:
                    6a:39:ac:98:73:44:b3:2d:95:54:19:d0:20:7b:49:
                    91:17:94:c4:ee:76:77:9f:93:bb:0d:67:d6:73:93:
                    17:99:44:7d:18:3a:c6:9e:e1:9e:6a:e2:ba:f5:b1:
                    76:ba:73:5a:53:17:b2:4e:6a:ea:fb:c0:5a:b0:1b:
                    c2:7f:74:e8:07:34:45:1b:c5:9a:ca:63:5a:2f:6f:
                    f6:c4:3e:af:9f:2d:c9:89:47:8e:70:9b:a3:69:36:
                    02:ec:7a:e1:11:e7:22:83:87:4a:fb:81:db:45:70:
                    51:91:bf:f0:98:29:c8:af:23:fc:05:85:db:9b:58:
                    aa:62:49:95:85:3a:75:25:63:97:58:9c:65:23:d2:
                    81:50:74:47:f7:dd:5b:a2:db:d4:7d:89:ef:54:2f:
                    14:62:d2:c9:a0:63:04:e5:61:6d:1b:3a:6f:24:3b:
                    20:27:5f:d2:85:07:c6:36:f6:fc:8a:d6:3f:52:d5:
                    30:66:cb:d8:52:2c:27:eb:c3:2e:cd:53:ef:93:0d:
                    8d:57:05:84:cc:01:63:f6:d0:f6:2b:f6:d4:4b:e8:
                    eb:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:9B:78:D8:6B:F9:80:80:DF:A9:E2:CE:A4:94:C4:DB:42:44:6D:4B
            X509v3 Authority Key Identifier:
                keyid:4F:51:EB:49:E1:6E:DD:18:44:82:BB:CC:16:31:31:74:53:95:F4:62

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/T1HrSeFu3RhEgrvMFjExdFOV9GI.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/10463f-d2cf-43a7-8520-a2168421fecf/1/Ppt42Gv5gIDfqeLOpJTE20JEbUs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/ee/10463f-d2cf-43a7-8520-a2168421fecf/1/T1HrSeFu3RhEgrvMFjExdFOV9GI.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  195.58.156.0/24
                IPv6:
                  2a05:da00::/29

    Signature Algorithm: sha256WithRSAEncryption
         7b:95:f3:6a:0d:b8:4a:37:c1:b6:ee:1f:16:a5:01:e5:cc:da:
         5f:41:e6:1e:aa:75:69:39:65:63:63:96:86:5f:37:52:48:0d:
         05:7f:e5:4c:64:93:8a:f6:0e:62:e7:3b:2d:52:b6:c2:3b:29:
         8b:13:8c:a3:1d:27:aa:93:9c:5f:ff:96:ff:da:27:7d:be:05:
         5f:d6:2e:a8:68:42:62:28:0f:a6:98:77:0c:88:f5:a0:25:ce:
         ff:cb:f6:93:66:2e:f3:fe:45:af:63:ae:b0:dd:cd:f6:2c:46:
         8a:ca:6b:52:15:ab:99:06:85:3b:e6:f3:30:c2:de:01:50:46:
         b4:e3:3a:ee:85:f0:07:61:71:d2:dc:52:fc:f5:d4:39:1e:0c:
         27:3f:0a:73:58:1b:fe:da:1f:b4:8d:7c:a9:ec:21:0d:62:a0:
         57:62:99:c5:c8:54:9f:f5:8f:77:98:89:1c:7d:df:4a:1b:c2:
         7b:de:fe:ff:50:29:87:1c:80:0b:63:b0:91:ab:73:96:9b:7e:
         a6:8c:71:9d:31:38:18:da:4e:68:bc:f2:d7:f7:c4:6f:61:c8:
         0f:75:c0:40:41:07:c9:73:5a:6e:09:89:8b:06:81:b6:cb:ad:
         01:02:0d:6d:80:00:17:26:18:d9:2f:db:d1:07:55:85:a2:3c:
         1e:e8:c7:f9
-----BEGIN CERTIFICATE-----
MIIFDDCCA/SgAwIBAgISAZ5Dt8LTIvS19dkcpAoaDjDVMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDRmNTFlYjQ5ZTE2ZWRkMTg0NDgyYmJjYzE2MzEzMTc0NTM5
NWY0NjIwHhcNMjYwNTIwMDQ0OTM2WhcNMjcwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygzZTliNzhkODZiZjk4MDgwZGZhOWUyY2VhNDk0YzRkYjQyNDQ2ZDRiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmyBm6vlNotvEaGMHKg/ch1v1fqip
XnK/QMXDSybXBS7/hs2FtQnaCch7ozhqOayYc0SzLZVUGdAge0mRF5TE7nZ3n5O7
DWfWc5MXmUR9GDrGnuGeauK69bF2unNaUxeyTmrq+8BasBvCf3ToBzRFG8WaymNa
L2/2xD6vny3JiUeOcJujaTYC7HrhEecig4dK+4HbRXBRkb/wmCnIryP8BYXbm1iq
YkmVhTp1JWOXWJxlI9KBUHRH991botvUfYnvVC8UYtLJoGME5WFtGzpvJDsgJ1/S
hQfGNvb8itY/UtUwZsvYUiwn68MuzVPvkw2NVwWEzAFj9tD2K/bUS+jrwwIDAQAB
o4ICGDCCAhQwHQYDVR0OBBYEFD6beNhr+YCA36nizqSUxNtCRG1LMB8GA1UdIwQY
MBaAFE9R60nhbt0YRIK7zBYxMXRTlfRiMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvVDFIclNlRnUzUmhFZ3J2TUZqRXhkRk9WOUdJLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9lZS8xMDQ2M2YtZDJjZi00M2E3LTg1MjAt
YTIxNjg0MjFmZWNmLzEvUHB0NDJHdjVnSURmcWVMT3BKVEUyMEpFYlVzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9lZS8xMDQ2M2YtZDJjZi00M2E3LTg1MjAtYTIxNjg0MjFmZWNm
LzEvVDFIclNlRnUzUmhFZ3J2TUZqRXhkRk9WOUdJLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC4GCCsGAQUFBwEHAQH/BB8wHTAMBAIAATAGAwQAwzqcMA0E
AgACMAcDBQMqBdoAMA0GCSqGSIb3DQEBCwUAA4IBAQB7lfNqDbhKN8G27h8WpQHl
zNpfQeYeqnVpOWVjY5aGXzdSSA0Ff+VMZJOK9g5i5zstUrbCOymLE4yjHSeqk5xf
/5b/2id9vgVf1i6oaEJiKA+mmHcMiPWgJc7/y/aTZi7z/kWvY66w3c32LEaKymtS
FauZBoU75vMwwt4BUEa04zruhfAHYXHS3FL89dQ5HgwnPwpzWBv+2h+0jXyp7CEN
YqBXYpnFyFSf9Y93mIkcfd9KG8J73v7/UCmHHIALY7CRq3OWm36mjHGdMTgY2k5o
vPLX98RvYcgPdcBAQQfJc1puCYmLBoG2y60BAg1tgAAXJhjZL9vRB1WFojwe6Mf5
-----END CERTIFICATE-----